Vulnerabilities > Mozilla > Thunderbird > 37.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-02 | CVE-2023-23601 | Origin Validation Error vulnerability in Mozilla Firefox Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. | 6.5 |
| 2023-06-02 | CVE-2023-23602 | Improper Check for Unusual or Exceptional Conditions vulnerability in Mozilla Firefox A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. | 6.5 |
| 2023-06-02 | CVE-2023-23603 | Unspecified vulnerability in Mozilla Firefox Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren't accounting for external URLs. | 6.5 |
| 2023-06-02 | CVE-2023-23605 | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. | 8.8 |
| 2023-06-02 | CVE-2023-25728 | Unspecified vulnerability in Mozilla Firefox ESR The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. | 6.5 |
| 2023-06-02 | CVE-2023-25729 | Unspecified vulnerability in Mozilla Firefox ESR Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. | 8.8 |
| 2023-06-02 | CVE-2023-25730 | Unspecified vulnerability in Mozilla Firefox ESR A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. | 5.4 |
| 2023-06-02 | CVE-2023-25732 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. | 8.8 |
| 2023-06-02 | CVE-2023-25734 | Unspecified vulnerability in Mozilla Firefox After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. | 8.1 |
| 2023-06-02 | CVE-2023-25735 | Use After Free vulnerability in Mozilla Firefox ESR Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. | 8.8 |